Created October 31, 2008 06:10
```ruby
class Article
  include DataMapper::Resource
  authorizable!

  # Each action names the policies that may grant it; see the Policies module below.
  authorize_with do
    with(:view      ).use(:Public, :ViewPublished, :Admin, :PublisherRole)
    with(:view_draft).use(:Owner, :PublisherRole, :Admin)
    with(:edit      ).use(:Owner, :Admin)
    with(:create    ).use(:Public)
    with(:delete    ).use(:Admin)
  end
end
```
```ruby
class Articles < Application
  # Applies the policies declared on Article to this controller's actions.
  authorize_resource! Article

  def index
    @articles = Article.all(:limit => 10)
    display @articles
  end

  def show(id)
    display @article
  end

  def draft(id)
    find_member
    # Drafts are gated by the separate :view_draft permission rather than :view.
    raise Unauthorized unless authorized?(@article, :view_draft)
    display @article
  end

  def edit(id)
    display @article
  end

  def update(id, article)
    if @article.update_attributes(article)
      redirect resource(@article)
    else
      render :edit
    end
  end

  def create(article)
    # Build the record from the submitted attributes (the original called
    # Articles.create(@article), which referenced the controller and a nil ivar).
    @article = Article.create(article)
    if @article.new_record?
      render :new
    else
      redirect resource(@article)
    end
  end

  def destroy(id)
    @article.destroy
    redirect url(:articles)
  end

  private

  # Loads the requested Article for member actions; 404 when it does not exist.
  # (The original looked up Post into @post, which the actions above never use.)
  def find_member
    @article = Article.get(params[:id])
    raise NotFound unless @article
    @article
  end
end
```
```ruby
## Policies
module Merb::Authorization::Policies
  # Anyone passes the general check; objects can opt out by answering false to is_public?.
  class Public < Policy
    def self.general_policy(user)
      true
    end

    def self.object_policy(user, object)
      object.respond_to?(:is_public?) ? object.is_public? : true
    end
  end

  # Admins pass regardless of the object.
  class Admin < Policy
    def self.general_policy(user)
      user.is_admin?
    end

    def self.object_policy(user, object)
      general_policy(user)
    end
  end

  # Grants when the object is published (or has no notion of being published).
  class ViewPublished < Policy
    def self.object_policy(user, object)
      return true unless object.respond_to?(:is_published?)
      object.is_published?
    end
  end

  # Publishers pass in general; per object only when it is publishable.
  class PublisherRole < Policy
    def self.general_policy(user)
      user.has_role?("publisher")
    end

    def self.object_policy(user, obj)
      return true unless obj.respond_to?(:is_publishable?)
      user.has_role?("publisher") && obj.is_publishable?
    end
  end

  # Grants when the current user owns the object (or the object has no owner).
  class Owner < Policy
    def self.object_policy(user, obj)
      return true unless obj.respond_to?(:owner)
      obj.owner == user
    end
  end
end
```
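The gist shows the policy declarations but not the `Policy` base class or how `authorize_with` is evaluated. The following is an added, self-contained example (not hassox's code and not Merb::Authorization) that implements one plausible reading: a policy with no general rule denies by default, an action with no declared rule is refused, and an action is granted when any listed policy's `object_policy` passes. The `Policy` base class, the `Authorizable` module, the `Policies.const_get` lookup, the `authorized?` signature and the sample `User` and `Article` models are all assumptions constructed for the example.

```ruby
# Added example (not from the gist): a minimal evaluator for the policy DSL above.
# The Policy base class, the Authorizable module, the const_get lookup and the
# "any listed policy grants access" rule are assumptions; User and Article are constructed.

class Policy
  # A policy that declares no general rule denies everyone.
  def self.general_policy(_user); false; end
  # Object-level decisions fall back to the general rule.
  def self.object_policy(user, _object); general_policy(user); end
end

module Policies
  class Public < Policy
    def self.general_policy(_user); true; end
    def self.object_policy(_user, object)
      object.respond_to?(:is_public?) ? object.is_public? : true
    end
  end
  class Admin < Policy
    def self.general_policy(user); user.is_admin?; end
  end
  class ViewPublished < Policy
    def self.object_policy(_user, object)
      return true unless object.respond_to?(:is_published?)
      object.is_published?
    end
  end
  class PublisherRole < Policy
    def self.general_policy(user); user.has_role?("publisher"); end
    def self.object_policy(user, obj)
      return true unless obj.respond_to?(:is_publishable?)
      user.has_role?("publisher") && obj.is_publishable?
    end
  end
  class Owner < Policy
    def self.object_policy(user, obj)
      return true unless obj.respond_to?(:owner)
      obj.owner == user
    end
  end
end

# Gives a model the authorize_with / with(:action).use(:Policy, ...) declaration DSL.
module Authorizable
  def self.included(base); base.extend(ClassMethods); end

  Rule = Struct.new(:permissions, :action) do
    def use(*policy_names); permissions[action] = policy_names; end
  end

  module ClassMethods
    def permissions; @permissions ||= {}; end
    def authorize_with(&block); instance_eval(&block); end
    def with(action); Rule.new(permissions, action); end
  end
end

# Deny by default: an action with no declared rule is refused; otherwise the
# action is granted when any listed policy's object rule passes.
def authorized?(user, object, action)
  names = object.class.permissions[action]
  return false if names.nil?
  names.any? { |name| Policies.const_get(name).object_policy(user, object) }
end

# Constructed sample models exposing the predicates the policies look for.
User = Struct.new(:name, :admin, :roles) do
  def is_admin?; admin; end
  def has_role?(role); roles.include?(role); end
end

class Article
  include Authorizable
  attr_reader :owner
  def initialize(owner, published: false, publishable: false, is_public: false)
    @owner, @published, @publishable, @public = owner, published, publishable, is_public
  end
  def is_published?;   @published;   end
  def is_publishable?; @publishable; end
  def is_public?;      @public;      end

  authorize_with do
    with(:view).use(:Public, :ViewPublished, :Admin, :PublisherRole)
    with(:view_draft).use(:Owner, :PublisherRole, :Admin)
    with(:edit).use(:Owner, :Admin)
    with(:create).use(:Public)
    with(:delete).use(:Admin)
  end
end

# Exercises each declared rule with a few constructed users; returns the decisions.
def demo
  anon  = User.new("anon", false, [])
  alice = User.new("alice", false, [])
  bob   = User.new("bob", false, ["publisher"])
  root  = User.new("root", true, [])
  draft = Article.new(alice, publishable: true)
  live  = Article.new(alice, published: true, publishable: true)
  {
    anon_views_draft:      authorized?(anon, draft, :view),
    anon_views_live:       authorized?(anon, live, :view),
    owner_views_draft:     authorized?(alice, draft, :view_draft),
    publisher_views_draft: authorized?(bob, draft, :view_draft),
    publisher_edits:       authorized?(bob, draft, :edit),
    admin_deletes:         authorized?(root, draft, :delete),
    owner_deletes:         authorized?(alice, draft, :delete),
    unknown_action:        authorized?(root, draft, :publish),
  }
end

demo.each { |check, granted| puts "#{check}: #{granted}" } if $PROGRAM_NAME == __FILE__
```

Two choices worth noting from a least-privilege standpoint: `authorized?` refuses any action that has no declared rule instead of falling through to a permissive default, and `Public.object_policy` lets a model withdraw public access by answering false to `is_public?`, which is what makes the `:view` chain meaningful for unpublished articles. `Owner` and `ViewPublished` keep the gist's behaviour of granting when the object lacks the relevant predicate, so a model that forgets to define `owner` would be editable by anyone listed under `:edit`; that is the check to add before reusing these policies on other models.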